IETF Logo Mail Archive

[rtcweb] Review of draft-ietf-rtcweb-stun-consent-freshness-05

Paul Kyzivat <pkyzivat@alum.mit.edu> Fri, 18 July 2014 01:59 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C2931B27C9 for <rtcweb@ietfa.amsl.com>; Thu, 17 Jul 2014 18:59:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BTlO2GMi6ytt for <rtcweb@ietfa.amsl.com>; Thu, 17 Jul 2014 18:59:19 -0700 (PDT)
Received: from qmta02.westchester.pa.mail.comcast.net (qmta02.westchester.pa.mail.comcast.net [IPv6:2001:558:fe14:43:76:96:62:24]) by ietfa.amsl.com (Postfix) with ESMTP id 304301A03A9 for <rtcweb@ietf.org>; Thu, 17 Jul 2014 18:59:18 -0700 (PDT)
Received: from omta07.westchester.pa.mail.comcast.net ([76.96.62.59]) by qmta02.westchester.pa.mail.comcast.net with comcast id TdUB1o00C1GhbT851dzJrP; Fri, 18 Jul 2014 01:59:18 +0000
Received: from Paul-Kyzivats-MacBook-Pro.local ([50.138.229.164]) by omta07.westchester.pa.mail.comcast.net with comcast id TdzJ1o00Q3ZTu2S3TdzJV1; Fri, 18 Jul 2014 01:59:18 +0000
Message-ID: <53C87F76.8070007@alum.mit.edu>
Date: Thu, 17 Jul 2014 21:59:18 -0400
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1405648758; bh=NhXNWgzTqf9scDnx2antt8umyPrCetsG/TTKelWBeSY=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=taNk/YsUFxEHCKeplFj6CHCffacBAnEFuBEq7TEU3J5ZoJFxwtRAYVqaMFgm11sdH klbaPzGJnwOrMnZWA8uO5NACSj1dZnsinuajZ5+0PwLwSnziOki6mNLKVmq7ZOVRZ6 or3FKiehcUl2YeGlGaZUFQXU3h8u1FH2kq2vIZZOamWoFevKc61h/RO2PgEkGWkYA1 npp0PUm5Pb10tXHH17lF0XuZtzU9m65XmkPL1FkvW7Ad77zeu5hLB5SK9UdT2Lil2V RxHjbyeYcOKcAgHCWACepAi9mhByy5rDRskxBzqHmTun7NhbIYTltlD3nbQJ9bw6nk vOUnC01MpSFPw==
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/0RfNCamiqohJhDZFdXzcbjThqdk
Subject: [rtcweb] Review of draft-ietf-rtcweb-stun-consent-freshness-05
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jul 2014 01:59:22 -0000

Some comments from reading the latest version:

Introduction:

    WebRTC endpoints are required to support full ICE as specified in
    section 3.4 of [I-D.ietf-rtcweb-transports].  However, when WebRTC
    endpoints interwork with other endpoints that support only ICE-lite
    (e.g. gateways) those endpoints will not generate consent checks, but
    just respond to consent checks they receive.

Having just read the overview document, I question the terminology 
above. The following would be more consistent with the overview:

    WebRTC browsers are required to support full ICE as specified in
    section 3.4 of [I-D.ietf-rtcweb-transports].  However, when WebRTC
    browsers interwork with other WebRTC devices that support only
    ICE-lite (e.g. gateways) those endpoints will not generate consent
    checks, but just respond to consent checks they receive.

or perhaps you mean:

    WebRTC devices are required to support full ICE as specified in
    section 3.4 of [I-D.ietf-rtcweb-transports].  However, when WebRTC
    devices interwork with other endpoints that support only ICE-lite
    (e.g. gateways) those endpoints will not generate consent checks, but
    just respond to consent checks they receive.

Section 4.1:

    ...  To prevent expiry of consent, a STUN binding
    request is sent every N milliseconds, where N SHOULD be 5000
    milliseconds and MUST be randomized at least 20% above and 20% below
    that value (to prevent prevent network synchronization).  Using the
    value 5000 milliseconds and that 20% randomization range, N would be
    a value between 4000 and 6000.  ...

The normative requirement is weird here. (I MUST do the randomization, 
but that forces me to violate the SHOULD.) Do you mean the central value 
SHOULD be 5000, but in the case that it is some other value then the 
range should be from 20% below to 20% above that value? Would that 20% 
be appropriate if I changed N to 500 or 50000? Also, is the 
randomization to be done once for the session, or repeated for each 
consent request that is sent?

I think the following gives the same rule in an easier to understand way:

    ...  To prevent expiry of consent, a STUN binding request MUST be
    every N milliseconds, where N is chosen randomly in the interval
    [.8N, 1.2N] (to prevent prevent network synchronization), where N
    SHOULD be 5000.  Using the value 5000 milliseconds and that 20%
    randomization range, N would be a value between 4000 and 6000.  ...

Note this is equivalent to [N, 1.5N] with the recommended value of N 
changed to 4000. That might be easier.

(And, if I remember my math, it would be more proper to write the 
interval as "[N, 1.5N)". But that may be disturbing to programmers. As a 
programmer I'd more likely write "[N, int(1.5N)-1]", but that is ugly in 
text.)

	Thanks,
	Paul

v2.23.0 | Report a Bug | By Email